Stuxnet malware threat continues, targets control systems

The recently discovered Stuxnet malware, which takes advantage of a zero-day Microsoft Windows Shell vulnerability, is being used in targeted attacks to penetrate industrial control systems, particularly in the United States, according to security researchers.

The malware has been active for several days, targeting supervisory control and data acquisition (SCADA) systems in order to obtain data. SCADA systems are used to manage operations at places such as power plants and gas and oil refineries. The United States, Iran and Russia have been hit the hardest, according to security firm ESET. Almost 58 percent of all infections have occurred in the United States.

The Stuxnet worm exploits a zero-day vulnerability present in Windows Shell that was disclosed by Microsoft on Friday. The bug “exists because Windows incorrectly parses shortcuts [.lnk files, which are represented by an icon] in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed,” according to Microsoft's security advisory.

Microsoft on Tuesday updated its advisory to include an automated "Fix It" solution that mitigates the bug's risk by disabling icons from being displayed for shortcuts, which can prevent attacks attempting to exploit this vulnerability.

The flaw permits a malicious .lnk file to be executed by simply plugging in an infected USB device, Randy Abrams, director of technical education at ESET, told SCMagazineUS.com on Wednesday.

“The user doesn't have to click on anything at all,” Abrams said. “You can disable AutoRun, but that doesn't prevent this vulnerability from being executed.”

Once installed, the Stuxnet malware attempts to connect to the database associated with SCADA systems to obtain files and run various queries to collect information, according to Symantec. It also may gather other information relating to servers and the network configuration.

“This specific worm targets SCADA systems, which, for the general public, was a good thing,” Abrams said. “Most people don't have SCADA software on their computers, so when they got infected the worm didn't do anything particularly harmful.”

Major SCADA manufacturer Siemens warned customers about the threat this week. The malware currently is spreading via infected USB devices and targeting Siemens' Simatic WinCC and Simatic PCS 7 software, the company said.

“There is only one known case of infection in Germany,” Siemens said. “We are, at present, trying to find out whether the virus caused any damage.”

The purpose of the Stuxnet malware is likely to carry out corporate espionage, researchers said. Going forward, however, it is likely that the same attack vector will be exploited by other cybercriminals who may have different targets.

Besides being exploited locally through a malicious USB drive, the flaw also can be exploited remotely via network shares and web-based Distributed Authoring and Versioning (WebDAV), a set of extensions that allow users to edit and manage files on remote web servers, Microsoft said in its security advisory. An exploit also can be included in specific document types that support embedded shortcuts.

If a maliciously crafted link file is placed on a network share, for instance, a user automatically can be infected by connecting to the network share, Abrams said.

“Removable media is probably the most likely exploit scenario, but it certainly isn't the only one,” Abrams said. “You could potentially see another Conficker coming out of this vulnerability because that spread through removable media but also through network shares.”
